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Claims 

1 LA method for accessing encrypted data by a client, the method comprising the 

2 steps of: 

3 receiving by a server from a client client information derived from a first secret wherein 

4 the client information is derived such that the server can not feasibly determine the first secret; 

5 providing to the client by the server intermediate data, the intermediate data derived 

6 responsive to at least the received client information and to a server secret, wherein the 

7 intermediate data is derived such that the client can not feasibly determine the server secret; 

8 authenticating the client by a device, the device storing encrypted secrets and configured 

9 not to provide the encrypted secrets without authentication; and 

10 after the authenticating step, providing to the client by the device the encrypted secrets, 

1 1 wherein the encrypted secrets are capable of being decrypted using a third secret that is derived 

12 from the intermediate data. 

1 2. The method of claim 1 wherein the third secret is derived from the intermediate 

2 data by use of one of a key derivation function and a hash function. 

1 3. The method of claim 1 wherein the third secret is the intermediate data. 

1 4. The method of claim 1 wherein the first secret comprises at least one of a PIN, a 

2 password, and biometric information. 

1 5. The method of claim 1 wherein the intermediate data is derived from at least the 

2 first secret and the server secret by use of a blind function evaluation protocol. 

1 6. The method of claim 5 wherein the security of the blind function evaluation 

2 protocol is based on the problem of extracting roots modulo a composite. 

1 7. The method of claim 5 wherein the security of the blind function evaluation 

2 protocol uses discrete logarithms. 

1 8. The method of claim 1 wherein the authenticating step comprises authenticating 

2 the client based on a time-dependent code. 

1 9. The method of claim 1 wherein the authenticating step comprises authenticating 

2 the client based on at least one of a PIN, a password, and biometric information. 

1 10. The method of claim 1 wherein the authenticating step comprises authenticating 

2 the client based on a secret other than the first secret. 
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1 11. The method of claim 1 wherein the authenticating step comprises using a secret 

2 derived from the intermediate data. 

1 12. The method of claim 1 wherein the device comprises at least one of a file server, a 

2 directory server, a key server, a PDA, a mobile telephone, a smart card, and a desktop computer. 

1 13. The method of claim 12 wherein the device comprises at least one secure data 

2 store, the device requiring authentication before allowing the client access to the data store. 

1 14. The method of claim 1 wherein the encrypted secrets comprise a private key of a 

2 public/private key pair used for asymmetric cryptography. 

1 15. The method of claim 14 wherein the encrypted secrets comprise a signature key 

2 used for creating a digital signature. 

1 16. The method of claim 15 wherein the authenticating step comprises authenticating 

2 the client based on a secret other than the first secret, so that the user provides different 

3 information to access the device and access the signature key. 

1 17. The method of claim 1 wherein the encrypted secrets comprise a secret key used 

2 for symmetric cryptography. 

1 18. The method of claim 1 wherein the encrypted secrets comprise at least one unit 

2 of digital currency. 

1 19. The method of claim 1 further comprising the step of verifying that the client has 

2 not exceeded a predetermined number of unsuccessful attempts to obtain the intermediate data. 

1 20. The method of claim 1 9 wherein the verifying step further comprises: 

2 transmitting a challenge code to the client; and 

3 receiving the result of a cryptographic operation using the challenge code as an input and 

4 using a cryptographic key derived from the encrypted secret. 

1 2 1 . A system for accessing encrypted data by a client, the system comprising: 

2 a first server comprising: 

3 a first server receiver for receiving from a client client information derived from a 

4 first secret wherein the client information is derived such that the first server can not feasibly 

5 determine the first secret; 

6 a first data store storing a server secret; and 

7 a first server output for providing to the client by the first server intermediate 

8 data, the intermediate data derived responsive to at least the received client information and to a 
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9 server secret, wherein the intermediate data is derived such that the client can not feasibly 

10 determine the server secret; and 

1 1 a device, comprising: 

12 a second data store storing an encrypted secret, the encrypted secret capable of 

13 being decrypted using a third secret that is derived from the intermediate data; 

14 an authentication subsystem for authenticating the client by the device; and 

15 a device output for providing to the client by the device the encrypted secrets 

1 6 upon authentication. 

1 22. The system of claim 21 wherein the third secret is derived from the intermediate 

2 data by use of a key derivation function. 

1 23 . The system of claim 2 1 wherein the intermediate data is derived from at least the 

2 first secret and the server secret by use of a blind function evaluation protocol 

1 24. The system of claim 23 wherein the security of the blind function evaluation 

2 protocol is based on the problem of extracting roots modulo a composite. 

1 25. The system of claim 23 wherein the security of the blind function evaluation 

2 protocol is based on the principles of discrete logarithms. 

1 26. The system of claim 21 wherein the authentication subsystem authenticates the 

2 client based on a secret other than the first secret. 

1 27. The system of claim 21 wherein the authentication subsystem authenticates the 

2 client using a secret derived from the intermediate data. 

1 28. The system of claim 21 wherein the second device comprises at least one of a file 

2 server, a directory server, a key server, a PDA, a mobile telephone, a smart card, and a desktop 

3 computer. 

1 29. The system of claim 21 wherein the encrypted secret comprises at least one secret 

2 chosen from the set of a private key of a public/private key pair used for asymmetric 

3 cryptography, a signature key used for creating a digital signature, a secret key used for 

4 symmetric cryptography, and at least one unit of digital currency. 

1 30. The system of claim 21 wherein the first server further comprises a verifier for 

2 verifying that the client has not exceeded a predetermined number of unsuccessful attempts to 

3 obtain the intermediate data. 
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1 3 1 . A method for decrypting encrypted secrets associated with a client by a network 

2 server, the method comprising the steps of: 

3 receiving from a client a first secret; 

4 transmitting client information to a first server, the client information derived from the 

5 first secret such that the first server can not feasibly determine the first secret; 

6 receiving from the first server intermediate data, the intermediate data derived responsive 

7 to at least the client information and to a first server secret, wherein the intermediate data is 

8 derived by the second server such that the server secret cannot feasibly be determined; 

9 deriving a decryption key from the intermediate data; and 
10 decrypting the encrypted secrets using the decryption key. 

1 32. The method of claim 3 1 wherein the network server is a web server and wherein 

2 the client is a web browser. 

1 33. The method of claim 3 1 wherein the deriving step is performed using a key 

2 derivation function. 

1 34. The method of claim 3 1 wherein the intermediate data is derived using a blind 

2 function evaluation protocol. 

1 35. The method of claim 3 1 wherein the intermediate data is derived using a blind 

2 function evaluation protocol. 

1 36. The method of claim 31 wherein the encrypted secrets comprise encrypted 

2 personal information associated with a user of the client. 

1 37. A network server for accessing encrypted secrets associated with a client, the 

2 method comprising the steps of: 

3 a first receiver for receiving from a client a first secret; 

4 a transmitter for transmitting client information to a first server, the client information 

5 derived from the first secret such that the first server can not feasibly determine the first secret; 

6 a second receiver for receiving from the first server intermediate data, the intermediate 

7 data derived responsive to at least the client information and to a first server secret, wherein the 

8 intermediate data is derived by the second server such that the server secret cannot feasibly be 

9 determined; 

10 a key derivation function for deriving a decryption key from the intermediate data; and 

1 1 a decryption function for decrypting the encrypted secrets using the decryption key. 
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38. A method for authenticating to a network server, the method comprising the steps 

of: 

transmitting to a first server client information derived from a first secret wherein the 
client information is derived such that the server can not feasibly determine the first secret; 

receiving from the first server intermediate data, the intermediate data derived responsive 
to at least the received client information and to a server secret, wherein the intermediate data is 
derived such that the client can not feasibly determine the server secret; 

deriving a server password by the client from the intermediate data and a server 
identifier; 

authenticating to the network server using the server password. 

39. The method of claim 38 further comprising the step of transmitting to the first 
server by the network server verification that the user has authenticated successfully. 

40. The method of claim 38 wherein the network server is a web server. 

41 . The method of claim 38 wherein the deriving step comprises deriving a server 
password using a key derivation function. 



1 42. A system for authenticating to a network server, comprising: 

2 a first transmitter for transmitting to a first server client information derived from a first 

3 secret wherein the client information is derived such that the server can not feasibly determine 

4 the first secret; 

5 a receiver for receiving from the first server intermediate data, the intermediate data 

6 derived responsive to at least the received client information and to a server secret, wherein the 

7 intermediate data is derived such that the client can not feasibly determine the server secret; 

8 a key derivation function for deriving a server password by the client from the 

9 intermediate data and a server identifier; and 

10 a first transmitter for transmitting the server password to the network server to 

1 1 authenticate to the network server.. 
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